[TUT] Convert/Find/Update TWMS to MSEA

[xcelestialx]

and this is the code for nds

Code: Select all

[ENABLE]
registersymbol(FixTime)
alloc(FixTime,1024)
registersymbol(FixTimeOF)
alloc(FixTimeOF,4)
registersymbol(Fix)
alloc(Fix,1024)
registersymbol(FixSSTime)
alloc(FixSSTime,4)
registersymbol(FixSSTime10C)
alloc(FixSSTime10C,4)
label(Fix00)
label(Fix01)
//-----------------------------------------------
Fix:
push eax
mov eax,[ebx+0000010c]
cmp [FixSSTime10C],eax
pop eax
je Fix01
push eax
mov eax,[FixTimeOF]
cmp eax,[FixSSTime]
pop eax
je Fix00
push eax
mov eax,[ebx+0000010c]
mov [FixSSTime10C],eax
mov eax,[FixTimeOF]
mov [FixSSTime],eax
pop eax
 
 
Fix01:
push [ebx+000000b0]
call 006efb78
pop ecx
mov ecx,esi
sub ecx,[ebx+0000010c]
push esi
mov ecx,ebx
call 00723397
jmp 00722747
 
 
//-----------------------------------------------
Fix00:
jg 00722747
cmp dword ptr [ebx+000000c0],01
jmp 007226DF
//-----------------------------------------------
 
FixTime:
add [FixTimeOF],2710
mov eax,[FixTimeOF]
ret
 
007226D6:
jmp Fix
db 90 90 90 90
 
00723DB8:
call FixTime
//-----------------------------------------------
[DISABLE]
007226D6: 
jg 00722747
cmp dword ptr [ebx+000000c0],01
 
//-----------------------------------------------
dealloc(FixTime)
unregistersymbol(FixTime)
//-----------------------------------------------
dealloc(Fix)
unregistersymbol(Fix)
dealloc(Fix)
unregistersymbol(Fix)

im trying to search for this push [ebx+000000b0], but when i found it, the one in msea has 2 extra lines in between, wat does that mean ? the 2 extra lines are

cmp ecx,eax
jle 007ebe89

btw, can we use ollydbg in msea ?

[iHEARTx3]

Code: Select all

No Delay Summon
//TWMS CRC No Delay Summon v100 by zgenden
[ENABLE]
registersymbol(FixTime)
alloc(FixTime,1024)
registersymbol(FixTimeOF)
alloc(FixTimeOF,4)
registersymbol(Fix)
alloc(Fix,1024)
registersymbol(FixSSTime)
alloc(FixSSTime,4)
registersymbol(FixSSTime10C)
alloc(FixSSTime10C,4)
label(Fix00)
label(Fix01)
//-----------------------------------------------
Fix:
push eax
mov eax,[ebx+0000010c]
cmp [FixSSTime10C],eax
pop eax
je Fix01
push eax
mov eax,[FixTimeOF]
cmp eax,[FixSSTime]
pop eax
je Fix00
push eax
mov eax,[ebx+0000010c]
mov [FixSSTime10C],eax
mov eax,[FixTimeOF]
mov [FixSSTime],eax
pop eax


Fix01:
push [ebx+000000b0]
call 006efb78
pop ecx
mov ecx,esi
sub ecx,[ebx+0000010c]
push esi
mov ecx,ebx
call 00723397
jmp 00722747


//-----------------------------------------------
Fix00:
jg 00722747
cmp dword ptr [ebx+000000c0],01
jmp 007226DF
//-----------------------------------------------

FixTime:
add [FixTimeOF],2710
mov eax,[FixTimeOF]
ret

007226D6:
jmp Fix
db 90 90 90 90

00723DB8:
call FixTime
//-----------------------------------------------
[DISABLE]
007226D6:
jg 00722747
cmp dword ptr [ebx+000000c0],01

//-----------------------------------------------
dealloc(FixTime)
unregistersymbol(FixTime)
//-----------------------------------------------
dealloc(Fix)
unregistersymbol(Fix)
dealloc(Fix)
unregistersymbol(Fix)No Delay Summon
//TWMS CRC No Delay Summon v100 by zgenden
[ENABLE]
registersymbol(FixTime)
alloc(FixTime,1024)
registersymbol(FixTimeOF)
alloc(FixTimeOF,4)
registersymbol(Fix)
alloc(Fix,1024)
registersymbol(FixSSTime)
alloc(FixSSTime,4)
registersymbol(FixSSTime10C)
alloc(FixSSTime10C,4)
label(Fix00)
label(Fix01)
//-----------------------------------------------
Fix:
push eax
mov eax,[ebx+0000010c]
cmp [FixSSTime10C],eax
pop eax
je Fix01
push eax
mov eax,[FixTimeOF]
cmp eax,[FixSSTime]
pop eax
je Fix00
push eax
mov eax,[ebx+0000010c]
mov [FixSSTime10C],eax
mov eax,[FixTimeOF]
mov [FixSSTime],eax
pop eax


Fix01:
push [ebx+000000b0]
call 006efb78
pop ecx
mov ecx,esi
sub ecx,[ebx+0000010c]
push esi
mov ecx,ebx
call 00723397
jmp 00722747


//-----------------------------------------------
Fix00:
jg 00722747
cmp dword ptr [ebx+000000c0],01
jmp 007226DF
//-----------------------------------------------

FixTime:
add [FixTimeOF],2710
mov eax,[FixTimeOF]
ret

007226D6:
jmp Fix
db 90 90 90 90

00723DB8:
call FixTime
//-----------------------------------------------
[DISABLE]
007226D6:
jg 00722747
cmp dword ptr [ebx+000000c0],01

//-----------------------------------------------
dealloc(FixTime)
unregistersymbol(FixTime)
//-----------------------------------------------
dealloc(Fix)
unregistersymbol(Fix)
dealloc(Fix)
unregistersymbol(Fix)

So This Is The TWMS Script For Maplesea v82 .
How Do I Find The Array Of Bytes?
Sorry.
I didnt understand the Array Of Bytes In Chinese.

[ Please Help ]

[xiaocross]

im trying to search for this push [ebx+000000b0], but when i found it, the one in msea has 2 extra lines in between, wat does that mean ? the 2 extra lines are

cmp ecx,eax
jle 007ebe89

btw, can we use ollydbg in msea ?

i tried to find the address by using sub ecx,[ebx+0000010c] and got the 2 extra lines similar to yours, hope someone can help to clarify if we need to add the 2 lines into our script or we have done some wrong steps in between.
I'm not sure about ollydbg but my msea crashed when i open olly

[lols]

any could post twms soul dem script pls ?
thanks !

[wizme]

in the twms script they never put the 2 line? so just follow? lol... try man, if wrong then try without it.... always try b4 asking =).

[xiaocross]

in the twms script they never put the 2 line? so just follow? lol... try man, if wrong then try without it.... always try b4 asking =).

I tried twice once without adding the 2 lines and the other time adding the 2 lines however both times my summon did not do any dmg. I guess I gotten wrong address but after several tries I still got back the same addresses could kind soul add my msn and guide me on which part im wrong pls?

[ltitusl]

If its only a 1 line coding how find?

Code: Select all

[ENABLE]
004f43ec:

je 004f43f8

[DISABLE]

004f43ec:
db eb 4e

[iHEARTx3]

Twms NDS Script Main One Izit This ? -

- This IS NDS TWMS Script -

Code: Select all

[ENABLE]
registersymbol(FixTime)
alloc(FixTime,1024)
registersymbol(FixTimeOF)
alloc(FixTimeOF,4)
registersymbol(Fix)
alloc(Fix,1024)
registersymbol(FixSSTime)
alloc(FixSSTime,4)
registersymbol(FixSSTime10C)
alloc(FixSSTime10C,4)
label(Fix00)
label(Fix01)
//-----------------------------------------------
Fix:
push eax
mov eax,[color=#FF0000][ebx+0000010c][/color]
cmp [FixSSTime10C],eax
pop eax
je Fix01
push eax
mov eax,[FixTimeOF]
cmp eax,[FixSSTime]
pop eax
je Fix00
push eax
mov eax,[ebx+0000010c]
mov [FixSSTime10C],eax
mov eax,[FixTimeOF]
mov [FixSSTime],eax
pop eax
 
 
Fix01:
push [ebx+000000b0]
call 006efb78
pop ecx
mov ecx,esi
sub ecx,[ebx+0000010c]
push esi
mov ecx,ebx
call 00723397
jmp 00722747
 
 
//-----------------------------------------------
Fix00:
jg 00722747
cmp dword ptr [ebx+000000c0],01
jmp 007226DF
//-----------------------------------------------
 
FixTime:
add [FixTimeOF],2710
mov eax,[FixTimeOF]
ret
 
007226D6:
jmp Fix
db 90 90 90 90
 
00723DB8:
call FixTime
//-----------------------------------------------
[DISABLE]
007226D6: 
jg 00722747
cmp dword ptr [ebx+000000c0],01
 
//-----------------------------------------------
dealloc(FixTime)
unregistersymbol(FixTime)
//-----------------------------------------------
dealloc(Fix)
unregistersymbol(Fix)
dealloc(Fix)
unregistersymbol(Fix)

The One I Highlighted Red , izit the Main ?
I Search - > Assembly Code But Keep On Not Responding !

Wizme help me please .

[iSean]

The Fastest way is Updating by AoB. I will fail due Updating Because It only works for a few time for me